On Fri, 2003-07-25 at 12:41, Beast wrote: > > The easiest way is to create an "Administrator" user in Samba and assign > > it a UID of 0. Then, when joining your Windows machine to the domain, > > use that "Administrator" user. > > Tks felipe, > But why it needs to be root (or uid=0), is it because it needs to open > /etc/samba/smbpasswd? > What if i'm using ldap, can I use ordinary user and bind as > ldapmanager? > > This is required for me because I will use ldap backend but I don't > want to create root account in ldap which if it's compromised, it can > do anything to *all* workstation.
Sincerely, I don't know why the "Administrator" user must have a UID of 0, but I know that it's always needed, even when you're using the LDAPSAM backend. In fact, I'm using the LDAPSAM backend of Samba 3.0 beta 3 and it's a requisite that the user you use to join the machine to the domain (normally, Administrator) has a UID of cero. To secure you "Administrator" Samba user, assign it a UID of 0, a different password from your "root" unix user, and specify "/dev/null" as the home directory and login shell. Isn't this curious? :-) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
